Nginx: Difference between revisions
→Initial setup
imported>Sjwhitak (Mediawiki, not markdown) |
imported>Sjwhitak |
||
| (4 intermediate revisions by the same user not shown) | |||
|
</syntaxhighlight>
{{Note|If that's all you want, don't use nginx; it'd be easier to write a [https://funprojects.blog/2021/04/11/a-web-server-in-1-line-of-bash/ single-lined Bash script] to run a single page.
In <code>/etc/nginx/nginx.conf</code>, <code>/etc/nginx/conf.d/*.conf</code> and <code>/etc/nginx/sites-enabled/*</code> are included. Therefore, if you have a complicated set up, you can split up your configuration among multiple files.
To test your configuration,
To test your configuration, <code>nginx -t</code> will tell you what syntax is wrong if there happens to be any. For instance, some directives can't be certain areas.▼
{{RootCmd|nginx -t}}
▲
== A single domain ==
}
</syntaxhighlight>
Please note that you'll need [https://shell.lug.mtu.edu/wiki/index.php?title=Nginx
=== Subservers ===
One can also use a single server using varying [https://nginx.org/en/docs/http/ngx_http_core_module.html#location location] directives:
server {
root /var/www/html;
index index.html;
server_name example.com;
listen 80;
listen [::]:80;
location /blog {
alias /var/www/blog;
}
location /wiki {
alias /var/www/mediawiki;
}
location /forum {
alias /var/www/phpbb;
index index.php;
# php stuff
}
}
</syntaxhighlight>▼
The [https://nginx.org/en/docs/http/ngx_http_core_module.html#location location] directive can use regex:
server {
listen 80;
listen [::]:80;
location ~ ^/~(.+?)(\/.*)?$ {
alias /home/$1/website$2;
}
}
</syntaxhighlight>▼
where this regex maps a home directory with a tilde; hence, a public access unix server with a public html page.
== Simple security ==
If you want to protect your server from people access your IP (typically if they're crawling via IPs, they're probably not up to something good), you can up a configuration:
Instead, we can use a free service, [https://letsencrypt.org/ Let's Encrypt], [https://dehydrated.io/ Dehydrated], or [https://zerossl.com/ ZeroSSL]. Let's Encrypt is the most common, and is a straightforward set up.
{{RootCmd|apt install certbot python3-certbot-nginx}}▼
▲<syntaxhighlight lang="bash">
▲apt install certbot python3-certbot-nginx
▲</syntaxhighlight>
Once certbot is installed, ensure your domain is pointed to the correct nginx server, then run:
{{RootCmd|certbot --nginx -d example.com -d ...}}▼
▲<syntaxhighlight lang="bash">
▲certbot --nginx -d example.com -d ...
▲</syntaxhighlight>
Where you can keep chaining <code>-d <domain></code> for each domain you have. <code>python3-certbot-nginx</code> will find the right nginx configuration to call, and <code>certbot</code> will make sure you've got rights to that domain. You can't just run certbot on google.com, you need to own the domain and the IP that domain is connected to. At this point, <code>python3-certbot-nginx</code> should have edited your nginx configuration to have certbot's certificate auto-configured. If you force https, you'll see:
<syntaxhighlight lang="nginx" line>
[https://letsencrypt.org/ Let's Encrypt] is simple. Just run <code>certbot renew</code> and it'll renew your certificate.
[https://letsencrypt.org/ Let's Encrypt]'s certificates are valid for 3 months, so you can update this every 3 months when it expires. Or, have a cronjob do it for you! Type
{{RootCmd|crontab -e}}
and then add:
0 12 * * * /usr/bin/certbot renew --quiet
At this point, we have nginx pointing to port <code>7777</code> for our <code>fastcgi</code> server to run the php files. We need to configure <code>fpm</code> to do this:
{{RootCmd|vim /etc/php/7.4/fpm/pool.d/www.conf}}▼
▲vim /etc/php/7.4/fpm/pool.d/www.conf
and write
<syntaxhighlight lang="text" line start="36">
Update everything with systemd,
{{RootCmd|systemctl restart
▲systemctl restart php7.4-fpm
and the two sites should work.
| |||